OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Robert Hardy (rhardywebcon.net)
Date: Sun Nov 25 2001 - 20:34:35 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Sun, 25 Nov 2001, Martijn van Oosterhout wrote:
    > On Sat, Nov 24, 2001 at 11:47:01PM -0500, Robert Hardy wrote:
    > > Here is a hand transcribed kernel oops with max ORINOCO_DEBUG:
    > > Code: 8b 43 08 8b 80 90 00 00 00 85 c0 74 11 8b 40 34 85 c0 74 0a
    > > <1>Unable to handle kernel paging request at virtual address 80008024
    > > printing eip:
    > > c0131dd9
    > [snip]
    >
    > Would it be possible to run that through ksymoops to give actual names to
    > those addresses. That segfault as given has no useful information.

    Well it does tell us the last thing printed was orinoco_reset().

    > Is it the kernel spitting that out or klogd?

    The ooops was transcribed by hand off the console after lockup.

    > Recent klogds (iirc) store useful debugging information in
    > /var/log/ksymoops which may be useful for decyphering the oops.

    I don't think we did a good job of running it through ksymoops but it will
    have to do for now. Of the last 10 lockups, 2-3 have generated oops and the
    other 7 have provided no debugging information at all.

    I'll try compiling up a uni-processor kernel in a few days and see if the
    problems persist. I'm running a heavily updated RH6.2. My klogd doesn't seem
    to do any logging in /var/log/ksymoops.

    ksymoops 2.3.5 on i686 2.4.15-pre5. Options used
         -V (default)
         -k /proc/ksyms (default)
         -l /proc/modules (default)
         -o /lib/modules/2.4.15-pre5/ (default)
         -m /boot/System.map (specified)

    Warning (compare_maps): mismatch on symbol nlmsvc_ops , lockd says e0cf72d0, /lib/modules/2.4.15-pre5/kernel/fs/lockd/lockd.o says e0cf673c. Ignoring /lib/modules/2.4.15-pre5/kernel/fs/lockd/lockd.o entry
    Warning (compare_maps): mismatch on symbol nfs_debug , sunrpc says e0cea30c, /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o says e0cea00c. Ignoring /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o entry
    Warning (compare_maps): mismatch on symbol nfsd_debug , sunrpc says e0cea310, /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o says e0cea010. Ignoring /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o entry
    Warning (compare_maps): mismatch on symbol nlm_debug , sunrpc says e0cea314, /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o says e0cea014. Ignoring /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o entry
    Warning (compare_maps): mismatch on symbol rpc_debug , sunrpc says e0cea308, /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o says e0cea008. Ignoring /lib/modules/2.4.15-pre5/kernel/net/sunrpc/sunrpc.o entry
    Code: 8b 43 08 8b 80 90 00 00 00 85 c0 74 11 8b 40 34 85 c0 74 0a
    Using defaults from ksymoops -t elf32-i386 -a i386

    Code; 00000000 Before first symbol
    00000000 <_EIP>:
    Code; 00000000 Before first symbol
       0: 8b 43 08 mov 0x8(%ebx),%eax
    Code; 00000003 Before first symbol
       3: 8b 80 90 00 00 00 mov 0x90(%eax),%eax
    Code; 00000009 Before first symbol
       9: 85 c0 test %eax,%eax
    Code; 0000000b Before first symbol
       b: 74 11 je 1e <_EIP+0x1e> 0000001e Before first symbol
    Code; 0000000d Before first symbol
       d: 8b 40 34 mov 0x34(%eax),%eax
    Code; 00000010 Before first symbol
      10: 85 c0 test %eax,%eax
    Code; 00000012 Before first symbol
      12: 74 0a je 1e <_EIP+0x1e> 0000001e Before first symbol

     <1>Unable to handle kernel paging request at virtual address 80008024
            c0131dd9
    *pde = 00000000
    Oops: 0000
    CPU: 1
    EIP: 0010:[<c0131dd9>] Not tainted
    EFLAGS: 00010286
    eax: 80008000 ebx: cd5add60 ecx: dfbde640 edx: cd5add60
    esi: 00000003 edi: 00000000 ebp: 00000001 esp: cfefde7c
    ds: 0018 es: 0018 ss: 0018
    Process tail (pid: 2420, stackpage=cfefd000)
    Stack: 00000003 00000003 cc7428c0 c0119028 cd5add60 cc7428c0 ccdffaa0 cfefc000
           0000000b 80008008 cc7429e0 c01197b5 cc7428c0 00000000 ccdffaa0 00000000
                          c01072cf 0000000b 00000000 c0113298 c02199be cfefdf80 00000000 cfefc000
    Call Trace: [<c0119028>] [<c01197b5>] [<c01072cf>][<c0113298>][<c0112f2c>]
       [<c0113e83>] [<c0106e64>] [<c0110018>] [<c0138a8a>] [<c0106d73>]
    Code: 83 78 24 00 74 4c be 00 e0 ff ff 21 e6 8b 46 1c 8d 50 01 89

    >>EIP; c0131dd9 <filp_close+2d/a4> <=====
    Trace; c0119028 <put_files_struct+58/c0>
    Trace; c01197b5 <do_exit+111/24c>
    Trace; c01072cf <die+63/64>
    Trace; c0113298 <do_page_fault+36c/4b4>
    Trace; c0112f2c <do_page_fault+0/4b4>
    Trace; c0113e83 <schedule+3ab/5a0>
    Trace; c0106e64 <error_code+34/3c>
    Trace; c0110018 <mtrr_add_page+264/3c8>
    Trace; c0138a8a <sys_fstat64+1a/60>
    Trace; c0106d73 <system_call+33/38>
    Code; c0131dd9 <filp_close+2d/a4>
    00000000 <_EIP>:
    Code; c0131dd9 <filp_close+2d/a4> <=====
       0: 83 78 24 00 cmpl $0x0,0x24(%eax) <=====
    Code; c0131ddd <filp_close+31/a4>
       4: 74 4c je 52 <_EIP+0x52> c0131e2b <filp_close+7f/a4>
    Code; c0131ddf <filp_close+33/a4>
       6: be 00 e0 ff ff mov $0xffffe000,%esi
    Code; c0131de4 <filp_close+38/a4>
       b: 21 e6 and %esp,%esi
    Code; c0131de6 <filp_close+3a/a4>
       d: 8b 46 1c mov 0x1c(%esi),%eax
    Code; c0131de9 <filp_close+3d/a4>
      10: 8d 50 01 lea 0x1(%eax),%edx
    Code; c0131dec <filp_close+40/a4>
      13: 89 00 mov %eax,(%eax)

    5 warnings issued. Results may not be reliable.

    Regards,
    Rob 

    -- 
---------------------"Happiness is understanding."----------------------
Robert Hardy                                          C.E.O. Webcon Inc.
rhardywebcon.net      GPG Key available by request       (613) 276-6206